台湾cnyes钜亨网dns域传送漏洞 | wooyun-2015-0107107| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0107107

漏洞标题：台湾cnyes钜亨网dns域传送漏洞

漏洞作者：路人甲

提交时间：2015-04-13 17:55

修复时间：2015-06-01 22:56

公开时间：2015-06-01 22:56

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-04-13：细节已通知厂商并且等待厂商处理中
2015-04-17：厂商已经确认，细节仅向厂商公开
2015-04-27：细节向核心白帽子及相关领域专家公开
2015-05-07：细节向普通白帽子公开
2015-05-17：细节向实习白帽子公开
2015-06-01：细节向公众公开

简要描述：

dns域传送

详细说明：

1.url：
http://www.cnyes.com/

漏洞证明：

2.泄露信息：

; <<>> DiG 9.8.3-P1 <<>> @ldap.cnyes.com. axfr cnyes.com
; (1 server found)
;; global options: +cmd
cnyes.com.		3600	IN	SOA	ldap.cnyes.com. admin.cnyes.com. 748 900 600 86400 3600
cnyes.com.		3600	IN	A	211.72.252.30
cnyes.com.		3600	IN	NS	ldap.cnyes.com.
cnyes.com.		3600	IN	NS	ns.cnyes.com.
cnyes.com.		3600	IN	MX	0 cnyes-com.mail.protection.outlook.com.
cnyes.com.		3600	IN	TXT	"v=spf1 include:spf.protection.outlook.com -all"
s1024._domainkey.cnyes.com. 3600 IN	TXT	"k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5T4C4tyHsrVyiFZcqw4DGRDgfqtaPhEYqFSz/FSvVJywU1pBNF3rWkaaOjrzEIIb1vcIydgGi7xSXGbPqof9AnTHgVbX2cIASW09fTwTLokzj0dZ9gx9/Lsy7mjNvna4JQhLGl25oFsv2x3fwoRoynTw+2B9bRzCbTwtGX9mWOwIDAQAB\;"
ad.cnyes.com.		3600	IN	A	122.147.235.82
ad.cnyes.com.		3600	IN	A	122.147.235.83
afund.cnyes.com.	3600	IN	A	211.72.252.170
agent.cnyes.com.	3600	IN	A	211.72.252.226
autodiscover.cnyes.com.	3600	IN	CNAME	autodiscover.outlook.com.
b2b.cnyes.com.		3600	IN	A	210.71.219.201
b2b.cnyes.com.		3600	IN	A	210.71.219.202
b2b.cnyes.com.		3600	IN	A	210.71.219.200
te.b2b.cnyes.com.	3600	IN	A	210.71.219.200
b2bws1.cnyes.com.	3600	IN	A	59.124.237.132
bar.cnyes.com.		3600	IN	A	210.71.219.24
bar1.cnyes.com.		3600	IN	A	210.71.219.24
bartest.cnyes.com.	3600	IN	A	122.146.11.112
blog.cnyes.com.		3600	IN	A	211.72.252.90
blog.cnyes.com.		3600	IN	A	211.72.252.223
blog.cnyes.com.		3600	IN	A	211.72.252.227
blog.cnyes.com.		3600	IN	MX	10 blog.cnyes.com.
m.blog.cnyes.com.	3600	IN	A	211.72.252.227
m.blog.cnyes.com.	3600	IN	A	211.72.252.90
m.blog.cnyes.com.	3600	IN	A	211.72.252.223
bugfix.cnyes.com.	3600	IN	A	211.72.252.39
buy.cnyes.com.		3600	IN	A	210.200.144.14
c2.cnyes.com.		3600	IN	A	122.147.235.80
luxury.cdn.cnyes.com.	3600	IN	A	210.71.219.41
luxury.cdn.cnyes.com.	3600	IN	A	210.71.219.42
chart.cnyes.com.	3600	IN	A	210.71.219.23
chart2.cnyes.com.	3600	IN	A	210.71.219.203
chiwan2010.cnyes.com.	3600	IN	A	210.202.223.240
cms.cnyes.com.		3600	IN	A	210.71.219.55
f.cms.cnyes.com.	3600	IN	A	210.71.219.55
cn.cnyes.com.		3600	IN	A	211.72.252.226
cnews.cnyes.com.	3600	IN	A	210.71.219.12
cnews.cnyes.com.	3600	IN	A	210.71.219.13
common.cnyes.com.	3600	IN	CNAME	blog.cnyes.com.
dotmore.cnyes.com.	3600	IN	A	202.39.48.176
ed.cnyes.com.		3600	IN	A	210.71.219.55
editor.cnyes.com.	3600	IN	A	210.71.219.55
etv.cnyes.com.		3600	IN	A	211.72.252.38
fashion.cnyes.com.	3600	IN	A	210.71.219.197
fashion.cnyes.com.	3600	IN	A	210.71.219.196
finance.cnyes.com.	3600	IN	A	210.71.219.30
fund.cnyes.com.		3600	IN	A	211.72.252.170
cn.fund.cnyes.com.	3600	IN	A	211.72.252.41
test.fund.cnyes.com.	3600	IN	A	211.72.252.170
fundb2b.cnyes.com.	3600	IN	A	59.124.237.133
gb.cnyes.com.		3600	IN	A	211.72.252.42
googleaccea72f5c19cbee.cnyes.com. 3600 IN CNAME	google.com.
house.cnyes.com.	3600	IN	A	211.72.252.170
housev2.cnyes.com.	3600	IN	A	211.72.252.38
img.cnyes.com.		3600	IN	CNAME	edge.cns.swiftserve.com.
cdn.img.cnyes.com.	3600	IN	A	211.72.252.170
img2.cnyes.com.		3600	IN	A	122.147.235.68
imgcache.cnyes.com.	3600	IN	CNAME	edge.cns.swiftserve.com.
o.imgcache.cnyes.com.	3600	IN	A	210.71.219.13
o.imgcache.cnyes.com.	3600	IN	A	210.71.219.12
imgeditor.cnyes.com.	3600	IN	A	122.147.13.133
imgmanager.cnyes.com.	3600	IN	A	210.71.219.55
info.cnyes.com.		3600	IN	A	59.124.237.155
intra.cnyes.com.	3600	IN	A	122.146.11.113
intranet.cnyes.com.	3600	IN	A	10.65.1.19
intranet.cnyes.com.	3600	IN	A	10.65.1.101
intranet.cnyes.com.	3600	IN	A	10.65.1.102
intranet.cnyes.com.	3600	IN	A	10.65.1.18
intranetb2b.cnyes.com.	3600	IN	A	10.65.1.63
intranetb2b.cnyes.com.	3600	IN	A	10.65.1.62
lab.cnyes.com.		3600	IN	A	211.72.252.90
ldap.cnyes.com.		3600	IN	A	211.72.252.33
life.cnyes.com.		3600	IN	A	210.71.219.197
life.cnyes.com.		3600	IN	A	210.71.219.196
litv.cnyes.com.		3600	IN	A	210.242.246.117
litvbak.cnyes.com.	3600	IN	A	210.71.219.124
litvbak.cnyes.com.	3600	IN	A	210.71.219.123
litvtest.cnyes.com.	3600	IN	A	210.242.246.117
luxury.cnyes.com.	3600	IN	CNAME	edge.cns.swiftserve.com.
m.cnyes.com.		3600	IN	A	211.72.252.225
cn.m.cnyes.com.		3600	IN	A	211.72.252.225
mag.cnyes.com.		3600	IN	A	211.72.252.224
cn.mag.cnyes.com.	3600	IN	A	211.72.252.224
m.mag.cnyes.com.	3600	IN	A	211.72.252.224
tw.mag.cnyes.com.	3600	IN	A	211.72.252.224
mdftp.cnyes.com.	3600	IN	A	59.124.237.132
mdftpssl.cnyes.com.	3600	IN	A	59.124.237.132
media.cnyes.com.	3600	IN	A	122.147.235.67
*.media.cnyes.com.	3600	IN	A	122.147.235.67
adev.media.cnyes.com.	3600	IN	A	122.147.235.67
soso.media.cnyes.com.	3600	IN	A	122.147.235.67
mli.cnyes.com.		3600	IN	A	210.71.219.41
mo.cnyes.com.		3600	IN	A	122.147.235.90
mobile.cnyes.com.	3600	IN	A	211.72.252.224
money.cnyes.com.	3600	IN	A	211.72.252.170
cn.money.cnyes.com.	3600	IN	A	211.72.252.226
moneytree.cnyes.com.	3600	IN	A	211.72.252.38
mserver.cnyes.com.	3600	IN	A	211.72.252.90
msn.cnyes.com.		3600	IN	A	210.71.219.41
mx1.cnyes.com.		3600	IN	A	210.71.187.212
mx105.cnyes.com.	3600	IN	A	122.146.11.105
mx106.cnyes.com.	3600	IN	A	122.146.11.106
mx107.cnyes.com.	3600	IN	A	122.146.11.107
mx108.cnyes.com.	3600	IN	A	122.146.11.108
mxyes.cnyes.com.	3600	IN	A	122.146.11.109
mxyes.cnyes.com.	3600	IN	MX	10 yes104.cnyes.com.
mxyes.cnyes.com.	3600	IN	MX	10 mx105.cnyes.com.
mxyes.cnyes.com.	3600	IN	MX	10 mx106.cnyes.com.
mxyes.cnyes.com.	3600	IN	MX	10 mx107.cnyes.com.
mxyes.cnyes.com.	3600	IN	MX	10 mx108.cnyes.com.
mxyes.cnyes.com.	3600	IN	MX	10 yes101.cnyes.com.
mxyes.cnyes.com.	3600	IN	MX	10 yes102.cnyes.com.
mxyes.cnyes.com.	3600	IN	MX	10 yes103.cnyes.com.
mxyes.cnyes.com.	3600	IN	TXT	"v=spf1 ip4:122.146.11.101/32 ip4:122.146.11.102/32 ip4:122.146.11.103/32 ip4:122.146.11.104/32 ip4:122.146.11.100/32 ip4:122.146.11.105/32 ip4:122.146.11.106/32 ip4:122.146.11.107/32  ip4:122.146.11.108/32 mx a ?all" "" ""
mxyes.cnyes.com.	3600	IN	TXT	"spf2.0/pra ip4:122.146.11.101/32 ip4:122.146.11.102/32 ip4:122.146.11.103/32 ip4:122.146.11.104/32 ip4:122.146.11.100/32 ip4:122.146.11.105/32 ip4:122.146.11.106/32 ip4:122.146.11.107/32 ip4:122.146.11.108/32 ?all"
s1024._domainkey.mxyes.cnyes.com. 3600 IN TXT	"k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5T4C4tyHsrVyiFZcqw4DGRDgfqtaPhEYqFSz/FSvVJywU1pBNF3rWkaaOjrzEIIb1vcIydgGi7xSXGbPqof9AnTHgVbX2cIASW09fTwTLokzj0dZ9gx9/Lsy7mjNvna4JQhLGl25oFsv2x3fwoRoynTw+2B9bRzCbTwtGX9mWOwIDAQAB\;"
news.cnyes.com.		3600	IN	CNAME	edge.cns.swiftserve.com.
cn.news.cnyes.com.	3600	IN	A	210.71.219.12
cn.news.cnyes.com.	3600	IN	A	210.71.219.13
test.news.cnyes.com.	3600	IN	A	210.71.219.41
test.news.cnyes.com.	3600	IN	A	210.71.219.42
newsget.cnyes.com.	3600	IN	A	122.147.13.148
ns.cnyes.com.		3600	IN	A	59.124.237.150
ns100.cnyes.com.	3600	IN	A	211.72.252.29
onews.cnyes.com.	3600	IN	A	210.71.219.42
onews.cnyes.com.	3600	IN	A	210.71.219.41
owww.cnyes.com.		3600	IN	A	211.72.252.30
privacy.cnyes.com.	3600	IN	A	210.71.219.49
pub.cnyes.com.		3600	IN	A	59.124.237.155
sea.cnyes.com.		3600	IN	A	210.71.219.25
search.cnyes.com.	3600	IN	A	211.72.252.170
smsgateway.cnyes.com.	3600	IN	A	211.72.252.40
so.cnyes.com.		3600	IN	A	211.72.252.225
big5.so.cnyes.com.	3600	IN	A	59.42.245.70
gb.so.cnyes.com.	3600	IN	A	59.42.245.70
so1.cnyes.com.		3600	IN	A	211.72.252.39
so2.cnyes.com.		3600	IN	A	211.72.252.225
st.cnyes.com.		3600	IN	A	210.71.219.55
stockana168.cnyes.com.	3600	IN	A	175.99.93.194
stockana168.cnyes.com.	3600	IN	A	175.99.93.195
stockana168.cnyes.com.	3600	IN	A	175.99.93.196
temp.cnyes.com.		3600	IN	A	211.72.252.39
theme.cnyes.com.	3600	IN	A	210.71.219.12
theme.cnyes.com.	3600	IN	A	210.71.219.13
to.cnyes.com.		3600	IN	A	122.147.13.147
tpoayes.cnyes.com.	3600	IN	A	59.124.237.153
traderoom.cnyes.com.	3600	IN	A	210.71.219.17
traderoom.cnyes.com.	3600	IN	A	210.71.219.18
traderoom.cnyes.com.	3600	IN	A	210.71.219.16
travel.cnyes.com.	3600	IN	A	211.72.252.38
tube.cnyes.com.		3600	IN	A	210.71.219.10
tv.cnyes.com.		3600	IN	A	211.72.252.38
tw.cnyes.com.		3600	IN	A	211.72.252.30
twnews.cnyes.com.	3600	IN	A	211.72.252.170
warrant.cnyes.com.	3600	IN	A	210.71.219.116
webmail.cnyes.com.	3600	IN	CNAME	login.microsoftonline.com.
www.cnyes.com.		3600	IN	A	211.72.252.30
www2.cnyes.com.		3600	IN	A	211.72.252.86
yes101.cnyes.com.	3600	IN	A	122.146.11.101
yes102.cnyes.com.	3600	IN	A	122.146.11.102
yes103.cnyes.com.	3600	IN	A	122.146.11.103
yes104.cnyes.com.	3600	IN	A	122.146.11.104
yes97.cnyes.com.	3600	IN	A	210.71.219.127
yesdm.cnyes.com.	3600	IN	A	122.146.11.109
yesdm.cnyes.com.	3600	IN	MX	10 mx108.cnyes.com.
yesdm.cnyes.com.	3600	IN	TXT	"spf2.0/pra ip4:122.146.11.101/32 ip4:122.146.11.102/32 ip4:122.146.11.103/32 ip4:122.146.11.104/32  ip4:122.146.11.100/32 ip4:122.146.11.105/32 ip4:122.146.11.106/32 ip4:122.146.11.107/32 ip4:122.146.11.108/32 ?all"
yesdm.cnyes.com.	3600	IN	TXT	"v=spf1 ip4:122.146.11.101/32 ip4:122.146.11.102/32 ip4:122.146.11.103/32 ip4:122.146.11.104/32  ip4:122.146.11.100/32 ip4:122.146.11.105/32 ip4:122.146.11.106/32 ip4:122.146.11.107/32 ip4:122.146.11.108/32 ?all"
s1024._domainkey.yesdm.cnyes.com. 3600 IN TXT	"k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5T4C4tyHsrVyiFZcqw4DGRDgfqtaPhEYqFSz/FSvVJywU1pBNF3rWkaaOjrzEIIb1vcIydgGi7xSXGbPqof9AnTHgVbX2cIASW09fTwTLokzj0dZ9gx9/Lsy7mjNvna4JQhLGl25oFsv2x3fwoRoynTw+2B9bRzCbTwtGX9mWOwIDAQAB\;"
cnyes.com.		3600	IN	SOA	ldap.cnyes.com. admin.cnyes.com. 748 900 600 86400 3600
;; Query time: 2201 msec
;; SERVER: 211.72.252.33#53(211.72.252.33)
;; WHEN: Fri Feb  6 11:15:22 2015
;; XFR size: 171 records (messages 171, bytes 10362)

修复方案：

1.限制访问

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：8

确认时间：2015-04-17 22:55

厂商回复：

感謝通報

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0107107

漏洞标题：台湾cnyes钜亨网dns域传送漏洞

相关厂商：cnyes钜亨网

漏洞作者：路人甲

提交时间：2015-04-13 17:55

修复时间：2015-06-01 22:56

公开时间：2015-06-01 22:56

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0107107

漏洞标题：台湾cnyes钜亨网dns域传送漏洞

相关厂商：cnyes钜亨网

漏洞作者： 路人甲

提交时间：2015-04-13 17:55

修复时间：2015-06-01 22:56

公开时间：2015-06-01 22:56

漏洞类型：系统/服务运维配置不当

危害等级：高

自评Rank：10

漏洞状态：已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0107107"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云